Application Security Lead

Prolific is not just another player in the AI space – we are the architects of the human data infrastructure that's reshaping the landscape of AI development. In a world where foundational AI technologies are increasingly commoditized, it's the quality and diversity of human-generated data that truly differentiates products and models.

Security at Prolific isn't an afterthought, it's foundational to how we build. As a company trusted by world-leading research institutions and AI labs to handle sensitive data at scale, the security of our platform and the code that powers it is critical. We handle participant data, researcher credentials, payment flows, and API integrations, and we need someone to own how we protect all of it at the application layer.

As Application Security Lead, you'll own Prolific's application security strategy and be the most senior security engineering voice in the organisation. You'll define and drive our Secure Software Development Lifecycle (SSDLC), set the standard for how security is embedded into engineering, and get hands-on with code review, threat modelling, and security testing when it matters. You'll also manage our Senior Application Security Engineer and continue to own our compliance programme alongside these responsibilities. This is a player-coach role. You won't just set strategy, you'll be in the code, leading by example, and building the security culture that scales with Prolific. You'll need deep engineering experience to earn the trust of our engineering teams, and deep application security experience to know where the real risks are. You'll report to the Head of Engineering/Platform and work cross-functionally with product engineering, platform, data, TechOps, and legal teams. As we scale, there's a clear path for this role to grow into leading a broader security function.

What you’ll bring to the role:

• Several years of experience in software engineering, you’ve built and shipped production systems at scale
• Several years in application security (testing, code review, threat modelling, vuln management)
• Expert knowledge of OWASP Top 10 (Web & API) and modern attack paths (e.g. auth flaws, SSRF, injection, business logic, supply chain)
• Strong understanding of modern architectures (microservices, APIs, event-driven systems)
• Python for security tooling and automation (Django a strong plus)
• Hands-on testing experience (e.g. Burp Suite) and manual assessment of apps/APIs
• Experience building and scaling SSDLCs, including CI/CD tooling (SAST, SCA, DAST, secrets)
• Experience leading threat modelling and security design reviews
• Strong engineering partnership skills, you influence through trust
• Experience with ISO 27001 / SOC 2 and translating controls into real engineering practices
• Clear communicator across technical and non-technical audiences

Nice to haves:

• Experience mentoring or managing security engineers
• Experience with Django, Vue.js, MongoDB, GCP
• Security champions or bug bounty programmes
• Supply chain or infrastructure security (e.g. Terraform, Kubernetes)
• Hands-on certifications (OSCP, GWAPT, BSCP, CISSP)
• Experience building AppSec in a scaling company

What you’ll be doing in the role:

You’ll own and evolve Prolific’s application security strategy end-to-end, from hands-on testing and threat modelling to scaling secure development practices across engineering. You’ll act as the go-to expert for application security, partnering with engineering leadership to balance risk and velocity, while building the tooling, processes, and culture needed to embed security into how we ship. This includes mentoring an AppSec engineer, leading high-impact security reviews, owning vulnerability management, and ensuring our platform stays ahead of modern threats.

Why Prolific is a great place to work:

We've built a unique platform that connects researchers and companies with a global pool of participants, enabling the collection of high-quality, ethically sourced human behavioral data and feedback. This data is the cornerstone of developing more accurate, nuanced, and aligned AI systems. We believe that the next leap in AI capabilities won't come solely from scaling existing models, but from integrating diverse human perspectives and behaviors into AI development. By providing this crucial human data infrastructure, Prolific is positioning itself at the forefront of the next wave of AI innovation – one that reflects the breadth and the best of humanity. Working for us will place you at the forefront of AI innovation, providing access to our unique human data platform and opportunities for groundbreaking research. Join us to enjoy a competitive salary, benefits, and remote working within our impactful, mission-driven culture.